
[Virus sample] The Dadong web trojan and downloader are here

dayang1717
Posted on 2009-5-10 22:09:14
Address
http://o-ap.cn:1111/neww/ms.css

328397663
Posted on 2009-5-10 22:17:39
Originally posted by dayang1717 on 2009-5-10 22:09
Address
http://o-ap.cn:1111/neww/ms.css
532533

Scanned file:   zbwtuis.cn.rar - Infected
zbwtuis.cn.rar/xnnn.js - OK
zbwtuis.cn.rar/zhin.js - OK
zbwtuis.cn.rar/14.htm - OK
zbwtuis.cn.rar/as.htm - OK
zbwtuis.cn.rar/cx.htm - OK
zbwtuis.cn.rar/fx.htm - OK
zbwtuis.cn.rar/lzz.htm - OK
zbwtuis.cn.rar/ms.css - infected by Trojan-GameThief.Win32.OnLineGames.bkzf
zbwtuis.cn.rar/wewew.js - OK

Statistics:
Known viruses: 2155291    Updated: 10-05-2009
File size (Kb): 42        Virus bodies: 1
Files: 9                  Warnings: 0
Archives: 1               Suspicious: 0



Hello,


14.htm_ - Trojan.JS.Agent.acp,
as.htm_ - Trojan.JS.Agent.aco,
cx.htm_ - Trojan-Downloader.JS.Iframe.awa,
fx.htm_ - Trojan-Downloader.JS.Iframe.avz,
lzz.htm_ - Exploit.JS.Agent.aho,
wewew.js_ - Trojan.JS.Small.ab,
zhin.js_ - Trojan-Downloader.JS.Iframe.avy

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

xnnn.js_

No malicious code was found in this file.

[ Last edited by 328397663 on 2009-5-10 22:57 ]
BING126
Posted on 2009-5-10 22:32:16
McAfee flagged 6 of them.
huangqian202
Posted on 2009-5-10 22:35:31
Trend Micro won't even let me download it!
norman6810
Posted on 2009-5-10 22:38:00
Micropoint flags one, the same result as post #2!!

[ Last edited by norman6810 on 2009-5-10 23:36 ]

黑衣~魂
Posted on 2009-5-10 22:42:23
DR.WEB
zbwtuis.cn.rar\ms.css;D:\Documents and Settings\Administrator\桌面\zbwtuis.cn.rar;Trojan.MulDrop.31219;;
zbwtuis.cn.rar;D:\Documents and Settings\Administrator\桌面;Archive contains infected objects;;
lingbo110120
Posted on 2009-5-10 22:51:42
JusT.Like
Posted on 2009-5-10 23:31:07
Last checked: bbs.kafan.cn
Last infection: bbs.kafan.cn
Infected with: Trojan.JS.Downloader.BHI, Trojan.Exploit.ANQZ, Trojan.JS.Agent.DYQ, Trojan.Crypt.CY (Engine A), VBS:Obfuscated-gen [Trj] (3x), JS:CVE-2009-0075-A [Expl], HTML:IFrame-BY [Trj], JS:Agent-CC [Trj], Win32:Trojan-gen {Other} (Engine B)
Sebastian
Posted on 2009-5-11 08:24:34
Starting the file scan:

Begin scan in 'D:\kafan\14.htm'
D:\kafan\14.htm
    [DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
    [NOTE]      The file was deleted!
Begin scan in 'D:\kafan\as.htm'
Begin scan in 'D:\kafan\cx.htm'
D:\kafan\cx.htm
    [DETECTION] Contains recognition pattern of the HTML/Shellcode.Gen HTML script virus
    [NOTE]      The file was deleted!
Begin scan in 'D:\kafan\fx.htm'
D:\kafan\fx.htm
    [DETECTION] Contains recognition pattern of the JS/iFrame.alm Java script virus
    [NOTE]      The file was deleted!
Begin scan in 'D:\kafan\lzz.htm'
D:\kafan\lzz.htm
    [DETECTION] Contains recognition pattern of the HTML/Dldr.Agent.SB HTML script virus
    [NOTE]      The file was deleted!
Begin scan in 'D:\kafan\ms.css'
D:\kafan\ms.css
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE]      The file was deleted!
Begin scan in 'D:\kafan\wewew.js'
Begin scan in 'D:\kafan\xnnn.js'
Begin scan in 'D:\kafan\zhin.js'


End of the scan: 2009年5月11日  08:26
Used time: 00:00 Minute(s)

The scan has been done completely.

      0 Scanned directories
      9 Files were scanned
      5 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      5 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      4 Files not concerned
      0 Archives were scanned
      0 Warnings
      5 Notes
kingsheet
Posted on 2009-5-11 09:29:09
Kaspersky
检测到:木马程序 Trojan-GameThief.Win32.OnLineGames.bkzf        URL: http://bbs.kafan.cn/attachment.p ... 116//ms.css//NSPack